Bufferzone Hooks Into Windows to Containerize Security

Bufferzone's technology segregates the activity that is done over the Web by running it within a secure container.

The idea of using isolation techniques—such as a sandbox or a hypervisor—to limit the attack surface in an operating system or a piece of software is not a new one, but it is an evolving space with innovations. One of the vendors using isolation to limit security risks is Bufferzone, which is using its own proprietary container approach to help protect users from threats.
"We allow companies that have levels of security requirements to connect to the Internet safely," Israel Levy, CEO of Bufferzone, told eWEEK.
The company has raised approximately $10 million in funding to date, with plans to raise more funds in the next six months, Levy said.
Bufferzone's technology segregates all the activity that is done over the Web by running it within a secure container. The idea is that if there is malware, it will be restricted and limited by the boundaries of the container and not have a wider risk or impact for organizations.

The term "container" is often associated in the modern computing world with Docker; however, that's not the container technology that Bufferzone is using.

"Our approach is completely designed for security and is a proprietary technology that is very lightweight," Eyal Dotan, CTO and co-founder of Bufferzone, told eWEEK. "It contains file system and registry modifications, but processes still run on the same machine, isolated by our Windows kernel driver."
Bufferzone's container hooks into the Windows kernel directly, which Dotan said gives it an advantage over user-mode forms of security. Programs in the buffer zone cannot access processes outside of the buffer zone. The way Windows works, a process must be opened before another process can inject code into it or read what it is running.
"Given that we're in kernel mode, we see everything that is coming through our driver," Dotan said.
Users still can get access to the underlying file system, by way of an approach known as "copy on write."
"We let processes in the buffer zone see what's on the file system," Dotan explained. "As soon as a process requests write access for creating or modifying something, we simulate that operation in our own repository."
For a file system operation, there is a redirected file directory, and for the Windows registry there is a redirected registry key. The Bufferzone repository contains the delta, or the differences over time, of modifications made. Existing applications continue to work inside the Bufferzone since the technology resides in the Windows kernel and is not application-specific, Dotan said.
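The copy-on-write redirection and the process-access boundary described above can be modelled in a few dozen lines. The following is an added illustration, not Bufferzone's code and not a description of how its driver is implemented: reads from inside the zone fall through to the host state, every write or delete is diverted into a separate delta repository (one per namespace, file system and registry), and a zone process is refused access to any process outside the zone. All paths, registry keys and values are constructed for the example.

```python
"""Toy model of isolation by copy-on-write redirection (constructed example).

A 'zone' sees the host's file system and registry read-through, but every
write or delete lands in a zone-local delta, and a process inside the zone
cannot open a process outside it. Paths, keys and values are made up.
"""
from dataclasses import dataclass
from typing import Dict, Optional

_DELETED = object()  # tombstone: marks a host entry as deleted inside the zone

# Constructed sample paths and keys (not from any real system).
DOC = r"C:\Users\alice\report.docx"
TEMP_EXE = r"C:\Users\alice\AppData\Local\Temp\dl.exe"
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"


class CopyOnWriteStore:
    """One redirected namespace, e.g. a file directory or a registry hive."""

    def __init__(self, base: Dict[str, str]):
        self.base = dict(base)              # host state: never touched by the zone
        self.delta: Dict[str, object] = {}  # zone-local modifications only

    def read(self, key: str) -> Optional[str]:
        """Zone view: the delta shadows the base; tombstoned keys look absent."""
        if key in self.delta:
            value = self.delta[key]
            return None if value is _DELETED else value
        return self.base.get(key)

    def write(self, key: str, value: str) -> None:
        """Zone write: recorded in the delta; the host copy stays as it was."""
        self.delta[key] = value

    def delete(self, key: str) -> None:
        """Zone delete: drop a zone-only entry, or tombstone a host entry."""
        if key in self.base:
            self.delta[key] = _DELETED
        else:
            self.delta.pop(key, None)

    def host_read(self, key: str) -> Optional[str]:
        """What a process outside the zone sees: the base only."""
        return self.base.get(key)

    def changes(self) -> Dict[str, Optional[str]]:
        """The delta as an inspectable record (None means deleted)."""
        return {k: (None if v is _DELETED else v) for k, v in self.delta.items()}

    def discard(self) -> None:
        """Emptying the zone throws away every modification at once."""
        self.delta.clear()


@dataclass
class Zone:
    fs: CopyOnWriteStore
    registry: CopyOnWriteStore

    def changes(self) -> Dict[str, Dict[str, Optional[str]]]:
        """Everything the zone changed, per namespace: what an analyst reviews."""
        return {"fs": self.fs.changes(), "registry": self.registry.changes()}

    def discard(self) -> None:
        self.fs.discard()
        self.registry.discard()


def may_open_process(requester_in_zone: bool, target_in_zone: bool) -> bool:
    """Process-access boundary: a zone process never reaches outside the zone."""
    return not (requester_in_zone and not target_in_zone)


def demo() -> Zone:
    """Constructed scenario: a program inside the zone rewrites a document,
    drops a file and adds a Run key; the host state is unaffected."""
    zone = Zone(
        fs=CopyOnWriteStore({DOC: "quarterly numbers"}),
        registry=CopyOnWriteStore({RUN_KEY + r"\Updater": "updater.exe"}),
    )
    zone.fs.read(DOC)                        # read-through to the host copy
    zone.fs.write(DOC, "scrambled")          # diverted into the delta
    zone.fs.write(TEMP_EXE, "<bytes>")       # new file exists only in the zone
    zone.registry.write(RUN_KEY + r"\dl", TEMP_EXE)
    return zone


if __name__ == "__main__":
    z = demo()
    print("zone view:", z.fs.read(DOC), "| host view:", z.fs.host_read(DOC))
    print("delta:", z.changes())
    print("zone -> host process access:", may_open_process(True, False))
```

The `changes()` record is the useful part for a defender: because the host never changes, the delta is a complete list of what the zoned program did, and `discard()` reverts all of it at once.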
Among the many companies that compete with Bufferzone is Bromium, which provides a virtualization-based (microvisor) approach to securely isolating a system. Levy noted that his company will often compete on deals with Bromium.
Bufferzone is now making its technology available for Windows 10 users and is looking to expand the platform in 2016. Levy said that one area he's looking at is offering Bufferzone through a managed security service provider (MSSP) model.
"The technology will continue to be deployed by large accounts by companies with over 100,000 employees," Levy said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.